Determine which directory integration scenario to use
Updated: July 13, 2015
Applies To: Azure, Office 365, Windows Intune
An important part of planning your Azure Active Directory experience is determining how you want to administer your directory, as well as how your users will sign into Microsoft cloud services.
The objective of this topic is to help you quickly find the list of directory integration features and benefits you need and map them to the most appropriate directory integration scenario.
Use the following decision matrix if your corporate environment has a single on-premises source forest:
| I need to… | DirSync with Password Sync | DirSync with Single Sign-On |
|---|---|---|
Sync new user, contact, and group accounts created in my on-premises Active Directory to the cloud automatically |
|
|
Sync incremental updates made to existing accounts in my on-premises Active Directory to the cloud automatically |
|
|
Set up my tenant for Office 365 hybrid scenarios |
|
|
Enable my users to sign in and access cloud services using their on-premises password |
|
|
Reduce password administration costs |
|
|
Control password policies from my on-premises Active Directory |
|
|
Enable cloud-based multi-factor authentication solutions |
|
|
Enable on-premises multi-factor authentication solutions |
|
|
Ensure user authentications occur in my on-premises Active Directory |
|
|
Implement single sign-on using corporate credentials |
|
|
|
||
Limit access to cloud services based on the location, client type or Exchange endpoint of the client |
|
.gif "Checklist")
1 Provides limited support
If you need to synchronize identity data from a multi-forest on-premises Active Directory environment to Azure AD, see the Multi-forest - DirSync with Single Sign-On.
See Also
Concepts
Directory integration
DirSync with Password Sync
DirSync with Single Sign-On
Multi-forest - DirSync with Single Sign-On